Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

10/10/2014
09:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Alleged Russian Cyber-Criminal Now Charged in 40-Count Superseding Indictment

New counts emerge.

A federal grand jury in Seattle returned a second superseding indictment late yesterday charging a Russian national with 11 additional counts and further detailing his alleged scheme to hack into businesses and steal credit card information for later sale over the Internet on “carding” websites. 

The now 40-count indictment alleges that Roman Valerevich Seleznev, aka “Track2,” 30, of Vladivostok, Russia, was involved in the theft and sale of more than 2 million credit card numbers.

Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division and Acting U.S. Attorney Annette L. Hayes of the Western District of Washington made the announcement.

“The additions in this superseding indictment show how cybercriminals use the Internet not only to infiltrate and steal sensitive data, but also to teach other criminals how to navigate the credit-card selling underworld and get equipment that can be used to defraud U.S. citizens,” said Assistant Attorney General Caldwell.  “The Criminal Division is committed to investigating these thefts and uncovering the methods of computer hackers to stay one step ahead of them and bring them to face justice.”

“The charges returned by the grand jury detail a criminal scheme that continued right up until Mr. Seleznev’s arrest in July,” said Acting U.S. Attorney Hayes.  “As set forth in the indictment, the government expects to prove at trial that Seleznev was a leader in the marketplace for stolen credit card numbers, and even created a website offering a tutorial on how to use stolen credit card numbers to commit crime.”

The indictment charges Seleznev with 11 counts of wire fraud, nine counts of intentional damage to a protected computer, nine counts of obtaining information from a protected computer, nine counts of possession of 15 or more unauthorized access devices and two counts of aggravated identity theft.  Seleznev is currently scheduled for trial on Nov. 3, 2014, and will be arraigned on the new charges sometime next week. 

According to court documents, between October 2009 and October 2013, Seleznev allegedly hacked into retail point of sale systems and installed malicious software to steal credit card numbers from various businesses.  Seleznev allegedly created and operated the infrastructure to facilitate the theft and sale of credit card data, used servers located all over the world to facilitate his operation, and sold stolen credit card data on a website known as “2pac.cc.”

Seleznev is also charged in a separate indictment in the District of Nevada with participating in a racketeer influenced corrupt organization (RICO) and conspiracy to engage in a racketeer influenced corrupt organization, as well as two counts of possession of 15 or more counterfeit and unauthorized access devices.  

The charges contained in the indictments are only allegations.  A person is presumed innocent unless and until he or she is proven guilty beyond a reasonable doubt in a court of law.

The case is being investigated by the U.S. Secret Service Electronic Crimes Task Force, which includes detectives from the Seattle Police Department.  The case is being prosecuted by Trial Attorney Ethan Arenson of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorneys Norman M. Barbosa and Seth Wilkinson of the Western District of Washington.  The Office of International Affairs and the U.S. Attorney’s Office for the District of Guam provided substantial assistance in this case.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/11/2021
Edge-DRsplash-10-edge-articles
Cybersecurity: What Is Truly Essential?
Joshua Goldfarb, Director of Product Management at F5,  5/12/2021
Commentary
3 Cybersecurity Myths to Bust
Etay Maor, Sr. Director Security Strategy at Cato Networks,  5/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google Maps is taking "interactive" to a whole new level!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32238
PUBLISHED: 2021-05-18
Epic Games / Psyonix Rocket League <=1.95 is affected by Buffer Overflow. Stack-based buffer overflow occurs when Rocket League handles UPK object files that can result in code execution and denial of service scenario.
CVE-2020-23851
PUBLISHED: 2021-05-18
A stack-based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c:513:28, which could cause a denial of service by submitting a malicious jpeg image.
CVE-2020-23852
PUBLISHED: 2021-05-18
A heap based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c (line 544 & line 545), which could cause a denial of service by submitting a malicious jpeg image.
CVE-2020-23856
PUBLISHED: 2021-05-18
Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.
CVE-2020-24026
PUBLISHED: 2021-05-18
TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explain_first and again_explain parameters of the /evaluate/index.php page. The vulnerability may be exploited remotely, resulting in cross-site scripting...